CVE-2016-10668
CVE-2016-10668
In short
libsbml downloads files over unencrypted HTTP instead of HTTPS, allowing attackers on the network to intercept and replace those files with malicious versions, potentially executing code on your computer.
Technical detail
The module fetches Linux binaries over HTTP without encryption, exposing the download to man-in-the-middle attacks where a network-positioned attacker can substitute legitimate resources with malicious ones, resulting in remote code execution during installation or use.
Summary generated and translated by AI from the official description.
libsbml is a module that installs Linux binaries for libSBML libsbml downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
Affected products
HackerOne · libsbml node moduleWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://nodesecurity.io/advisories/272